(57) Abstract: A method of facilitating the lawful interception of an IP session between two or more terminals 12,13, wherein said 
session uses encryption to secure traffic. The method comprises storing a key allocated to at least one of said terminals 12,13 or to 
at least one of the subscribers using one of the terminals 12,13, at the terminal 12,13 and at a node 5,8 within a network 1,6 through 
which said session is conducted, or a node coupled to that network. Prior to the creation of said session, a seed value is exchanged 
between the terminal 12,13 at which the key is stored and said node 5,8. The key and the seed value are used at both the terminal 
12,13 and the node 5,8 to generate a pre-master key. The pre-master key becomes known to each of the terminals 12,13 involved in 
the IP session and to the network node 5,8. The pre-master key is used, directly or indirectly, to encrypt and decrypt traffic associated 
with said IP session. 
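
The derivation described in the abstract, combined with the Diffie-Hellman variant of claims 4 and 5, can be illustrated as follows. This is an added example, not part of the patent text: the function names, the use of HMAC-SHA512 as the key derivation function, and the toy group parameters are all assumptions.

```python
import hashlib
import hmac
import secrets

# Toy group, an assumption for illustration: 2**521 - 1 is a Mersenne prime,
# but this is not a vetted Diffie-Hellman group and G is an arbitrary base.
P = 2**521 - 1
G = 3


def derive_exponent(key: bytes, seed: bytes) -> int:
    """Derive the terminal's Diffie-Hellman exponent from the stored key and seed.

    HMAC-SHA512 stands in for the key derivation function, which the page
    does not name (assumption).
    """
    digest = hmac.new(key, seed, hashlib.sha512).digest()
    return int.from_bytes(digest, "big") % (P - 3) + 2  # range 2 .. P-2


def public_value(exponent: int) -> int:
    """Value a terminal sends to its peer during the exchange."""
    return pow(G, exponent, P)


def pre_master(own_exponent: int, peer_public: int) -> int:
    """Shared pre-master key: the peer's public value raised to our exponent."""
    return pow(peer_public, own_exponent, P)


def run_session(key: bytes, seed: bytes) -> dict:
    """Run one exchange and return the pre-master key as each party computes it."""
    x_a = derive_exponent(key, seed)          # terminal A: exponent fixed by (key, seed)
    y_b = secrets.randbelow(P - 3) + 2        # terminal B: ordinary random exponent
    a_pub, b_pub = public_value(x_a), public_value(y_b)
    return {
        "terminal_a": pre_master(x_a, b_pub),
        "terminal_b": pre_master(y_b, a_pub),
        # The node never sees y_b; it re-derives A's exponent from its own
        # copy of the key and the seed, then uses B's public value from the wire.
        "node": pre_master(derive_exponent(key, seed), b_pub),
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    result = run_session(b"subscriber-key-constructed", b"seed-constructed")
    print(result["terminal_a"] == result["terminal_b"] == result["node"])
```

In this sketch the confidentiality of the session toward the network rests entirely on the stored key: any party holding the key and the seed can reproduce terminal A's exponent.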
AMENDED CLAIMS 
[received by the International Bureau on 8 August 2003 (08.08.03); 
original claims 1,15 and 16 amended; remaining claims unchanged (2 pages)] 

1. A method of facilitating the lawful interception of a data session between two or 
more terminals, wherein said session uses encryption to secure traffic, the method 
comprising: 

storing a key allocated to at least one of said terminals, at the terminal and at a 
node within a network through which said session is conducted or at a node coupled to 
that network; 

prior to the communication of a session setup request from the calling terminal 
to the called terminal exchanging a seed value between the terminal at which the key is 
stored and said node; 

using the key and the seed value at the terminal to generate a pre-master key, 
wherein the pre-master key subsequently also becomes known to the or each other 
terminal involved in the data session; and 
directly or indirectly using said pre-master key to encrypt and decrypt traffic 
associated with said session. 

2. The method of claim 1, wherein said node generates the pre-master key for use 
in lawful interception of the data session. 

3. The method of claim 1 or 2, wherein said step of using the key and the seed 
value at the terminal to generate a pre-master key comprises using a key exchange 
procedure to transmit a first cross-parameter from the said at least one terminal to 
another terminal and to transmit a second cross-parameter from that other terminal to 
the said at least one terminal. 

4. The method of claim 3, wherein said key exchange procedure is a Diffie-Hellman 
exchange. 

5. The method of claim 4, and comprising applying a key derivation function to 
said key and the seed value to derive a second key, an exponentiation of the second key 
then being generated for use in the Diffie-Hellman exchange. 



AMENDED SHEET (ARTICLE 19) 

WO 03/049357    PCT/EP02/14080 



a second key sent to the at least one terminal from a peer terminal during the 
Diffie-Hellman exchange, and generating the pre-master key using that detected exponentiated 
second key and the second key of the said at least one terminal. 

15. A subscriber module for use in a communication terminal, the module 
comprising: 

a memory for storing a key allocated to a subscriber using the terminal; 

means for exchanging a seed value between the module and a node of a 
communications network over which an encrypted data session is to be conducted or a 
node coupled to that network, prior to the communication of a session setup request 
between the communicating terminals; 

means for using the key and the seed value to generate a pre-master key which 
pre-master key also becomes known to the or each other terminal involved in the data 
session; and 

means for directly or indirectly using the pre-master key to encrypt and decrypt 
traffic associated with said session. 

16. A network node for use in intercepting encrypted traffic associated with a data 
session conducted between two or more terminals coupled to a communications 
network, the node comprising: 

a memory storing keys allocated to terminals or subscribers registered with the 
network; 

means for exchanging seed values with terminals prior to the communication of 
a session setup request between terminals and the setting up of a data session between 
the terminals; and 

means for using the key and the seed value to generate a pre-master key or for 
passing the key and seed value to another node having means for using the key and the 
seed value to generate a pre-master key. 

17. A method of facilitating the lawful interception of a data session between two or 
more terminals, wherein said session uses encryption to secure traffic and at least one of 
the terminals is a mobile wireless device, the method comprising: 

storing a key allocated to said at least one terminal or to a subscriber, at the 
terminal and at a node within the terminal's/subscriber's home network; 